From 83f80facdac9a9eec14723612916289d7f984212 Mon Sep 17 00:00:00 2001 From: Matchu Date: Sun, 6 Aug 2023 15:52:05 -0700 Subject: [PATCH] Can log into OpenNeo ID accounts directly! A lot of rough edges here (e.g. no styles on the flash messages), but it's working and that's good!! I tested this by temporarily switching to the production database and logging in as matchu! Still missing a lot of big features too, like registration, password resets, settings page, etc. --- Gemfile | 1 + Gemfile.lock | 3 + app/controllers/application_controller.rb | 10 +- app/controllers/closet_hangers_controller.rb | 2 +- app/controllers/outfits_controller.rb | 2 +- app/helpers/application_helper.rb | 8 +- app/models/auth_user.rb | 7 + app/views/devise/sessions/new.html.erb | 26 ++ .../devise/shared/_error_messages.html.erb | 15 + app/views/devise/shared/_links.html.erb | 25 ++ app/views/layouts/application.html.haml | 4 +- app/views/outfits/edit.html.haml | 4 +- config/environments/development.rb | 2 +- config/initializers/devise.rb | 330 ++++++++++++++++++ config/locales/devise.en.yml | 65 ++++ config/locales/devise.es.yml | 65 ++++ config/locales/devise.pt.yml | 64 ++++ config/routes.rb | 5 +- vendor/cache/devise-encryptable-0.2.0.gem | Bin 0 -> 16896 bytes 19 files changed, 619 insertions(+), 19 deletions(-) create mode 100644 app/views/devise/sessions/new.html.erb create mode 100644 app/views/devise/shared/_error_messages.html.erb create mode 100644 app/views/devise/shared/_links.html.erb create mode 100644 config/initializers/devise.rb create mode 100644 config/locales/devise.en.yml create mode 100644 config/locales/devise.es.yml create mode 100644 config/locales/devise.pt.yml create mode 100644 vendor/cache/devise-encryptable-0.2.0.gem diff --git a/Gemfile b/Gemfile index 658d3f5a..0d244e80 100644 --- a/Gemfile +++ b/Gemfile @@ -22,6 +22,7 @@ gem 'react-rails', '~> 2.7', '>= 2.7.1' # For authentication. gem 'devise', '~> 4.9', '>= 4.9.2' +gem 'devise-encryptable', '~> 0.2.0' # For pagination UI. gem 'will_paginate', '~> 4.0' diff --git a/Gemfile.lock b/Gemfile.lock index 08ac44d6..1d4d54c9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -116,6 +116,8 @@ GEM railties (>= 4.1.0) responders warden (~> 1.2.3) + devise-encryptable (0.2.0) + devise (>= 2.1.0) diff-lcs (1.2.5) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) @@ -321,6 +323,7 @@ DEPENDENCIES capistrano (~> 2.15.5) compass-rails (~> 3.1) devise (~> 4.9, >= 4.9.2) + devise-encryptable (~> 0.2.0) dotenv-rails (~> 2.8, >= 2.8.1) factory_girl_rails (~> 4.9) globalize (~> 6.2, >= 6.2.1) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 6af3fe15..86546338 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -10,7 +10,7 @@ class ApplicationController < ActionController::Base before_action :set_locale def authenticate_user! - redirect_to(login_path) unless user_signed_in? + redirect_to(new_auth_user_session_path) unless user_signed_in? end def authorize_user! @@ -18,11 +18,15 @@ class ApplicationController < ActionController::Base end def current_user - nil # TODO + if auth_user_signed_in? + User.where(remote_id: current_auth_user.id).first + else + nil + end end def user_signed_in? - false # TODO + auth_user_signed_in? end def infer_locale diff --git a/app/controllers/closet_hangers_controller.rb b/app/controllers/closet_hangers_controller.rb index dfae42ab..2e0445d4 100644 --- a/app/controllers/closet_hangers_controller.rb +++ b/app/controllers/closet_hangers_controller.rb @@ -223,7 +223,7 @@ class ClosetHangersController < ApplicationController elsif user_signed_in? redirect_to user_closet_hangers_path(current_user) else - redirect_to login_path(:return_to => request.fullpath) + redirect_to new_auth_user_session_path(:return_to => request.fullpath) end end diff --git a/app/controllers/outfits_controller.rb b/app/controllers/outfits_controller.rb index 7c41e21b..1f24ae60 100644 --- a/app/controllers/outfits_controller.rb +++ b/app/controllers/outfits_controller.rb @@ -21,7 +21,7 @@ class OutfitsController < ApplicationController end else respond_to do |format| - format.html { redirect_to login_path(:return_to => request.fullpath) } + format.html { redirect_to new_auth_user_session_path(:return_to => request.fullpath) } format.json { render :json => [] } end end diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index fde5fb1c..60c134a6 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -132,12 +132,8 @@ module ApplicationHelper cache(localized_key, skip_digest: true, &block) end - def login_path_with_return_to - login_path :return_to => request.fullpath - end - - def logout_path_with_return_to - logout_path :return_to => request.fullpath + def auth_user_sign_in_path_with_return_to + new_auth_user_session_path :return_to => request.fullpath end def origin_tag(value) diff --git a/app/models/auth_user.rb b/app/models/auth_user.rb index 1fe9e4e2..18914d8d 100644 --- a/app/models/auth_user.rb +++ b/app/models/auth_user.rb @@ -1,3 +1,10 @@ class AuthUser < AuthRecord self.table_name = 'users' + + devise :database_authenticatable, :encryptable + # devise :database_authenticatable, :lockable, :registerable, :recoverable, + # :trackable, :validatable + + validates :name, presence: true, uniqueness: {case_sensitive: false}, + length: {maximum: 20} end \ No newline at end of file diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb new file mode 100644 index 00000000..1296b896 --- /dev/null +++ b/app/views/devise/sessions/new.html.erb @@ -0,0 +1,26 @@ +

Log in

+ +<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %> +
+ <%= f.label :name, 'Username' %>
+ <%= f.text_field :name, autofocus: true, autocomplete: "username" %> +
+ +
+ <%= f.label :password %>
+ <%= f.password_field :password, autocomplete: "current-password" %> +
+ + <% if devise_mapping.rememberable? %> +
+ <%= f.check_box :remember_me %> + <%= f.label :remember_me %> +
+ <% end %> + +
+ <%= f.submit "Log in" %> +
+<% end %> + +<%= render "devise/shared/links" %> diff --git a/app/views/devise/shared/_error_messages.html.erb b/app/views/devise/shared/_error_messages.html.erb new file mode 100644 index 00000000..cabfe307 --- /dev/null +++ b/app/views/devise/shared/_error_messages.html.erb @@ -0,0 +1,15 @@ +<% if resource.errors.any? %> +
+

+ <%= I18n.t("errors.messages.not_saved", + count: resource.errors.count, + resource: resource.class.model_name.human.downcase) + %> +

+ +
+<% end %> diff --git a/app/views/devise/shared/_links.html.erb b/app/views/devise/shared/_links.html.erb new file mode 100644 index 00000000..7a75304b --- /dev/null +++ b/app/views/devise/shared/_links.html.erb @@ -0,0 +1,25 @@ +<%- if controller_name != 'sessions' %> + <%= link_to "Log in", new_session_path(resource_name) %>
+<% end %> + +<%- if devise_mapping.registerable? && controller_name != 'registrations' %> + <%= link_to "Sign up", new_registration_path(resource_name) %>
+<% end %> + +<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %> + <%= link_to "Forgot your password?", new_password_path(resource_name) %>
+<% end %> + +<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %> + <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
+<% end %> + +<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %> + <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
+<% end %> + +<%- if devise_mapping.omniauthable? %> + <%- resource_class.omniauth_providers.each do |provider| %> + <%= button_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider), data: { turbo: false } %>
+ <% end %> +<% end %> diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml index 68a4b9fb..0e72e17a 100644 --- a/app/views/layouts/application.html.haml +++ b/app/views/layouts/application.html.haml @@ -48,9 +48,9 @@ = link_to t('.userbar.items'), user_closet_hangers_path(current_user), :id => 'userbar-items-link' = link_to t('.userbar.outfits'), current_user_outfits_path = link_to t('.userbar.settings'), auth_user_settings_path - = link_to t('.userbar.logout'), logout_path_with_return_to + = button_to t('.userbar.logout'), destroy_auth_user_session_path, method: :delete - else - = link_to login_path_with_return_to, :id => 'userbar-log-in' do + = link_to auth_user_sign_in_path_with_return_to, :id => 'userbar-log-in' do %span= t('.userbar.login') #footer diff --git a/app/views/outfits/edit.html.haml b/app/views/outfits/edit.html.haml index 612f964f..8bcbde51 100644 --- a/app/views/outfits/edit.html.haml +++ b/app/views/outfits/edit.html.haml @@ -59,7 +59,7 @@ %figcaption= t '.sidebar.outfits.not_signed_in.header' = tmd '.sidebar.outfits.not_signed_in.pitch' = link_to t('.sidebar.outfits.not_signed_in.sign_in'), - login_path_with_return_to, :id => 'preview-outfits-log-in' + auth_user_sign_in_path_with_return_to, :id => 'preview-outfits-log-in' #preview-sharing.sidebar-view #preview-sharing-thumbnail-wrapper #preview-sharing-thumbnail-loading @@ -163,7 +163,7 @@ %li.checkbox.must-log-in %input{type: 'checkbox', id: 'advanced-search-wants', disabled: true} %label{for: 'advanced-search-wants'}= t '.search.advanced.wants' - = link_to t('.search.advanced.login'), login_path_with_return_to, + = link_to t('.search.advanced.login'), auth_user_sign_in_path_with_return_to, id: 'advanced-search-log-in-link' #no-assets-full-message= t '.sidebar.closet.no_data.description' diff --git a/config/environments/development.rb b/config/environments/development.rb index 84a67748..c672b6ad 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -35,7 +35,7 @@ Rails.application.configure do # Don't care if the mailer can't send. config.action_mailer.raise_delivery_errors = false - config.action_mailer.default_url_options = {host: "impress.dev.openneo.net"} + config.action_mailer.default_url_options = {host: "localhost", port: 3000} config.action_mailer.delivery_method = :letter_opener config.action_mailer.perform_caching = false diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb new file mode 100644 index 00000000..e852d897 --- /dev/null +++ b/config/initializers/devise.rb @@ -0,0 +1,330 @@ +# frozen_string_literal: true + +# Assuming you have not yet modified this file, each configuration option below +# is set to its default value. Note that some are commented out while others +# are not: uncommented lines are intended to protect your configuration from +# breaking changes in upgrades (i.e., in the event that future versions of +# Devise change the default values for those options). +# +# Use this hook to configure devise mailer, warden hooks and so forth. +# Many of these configuration options can be set straight in your model. +Devise.setup do |config| + # The secret key used by Devise. Devise uses this key to generate + # random tokens. Changing this key will render invalid all existing + # confirmation, reset password and unlock tokens in the database. + # Devise will use the `secret_key_base` as its `secret_key` + # by default. You can change it below and use your own secret key. + # config.secret_key = '7b36608c10cf3a8d38525a5156792c538b81587fee5c166d5a767f9c0c811ece063655cbbf58ce125643ef15c19e7cda01b46a37a9f85ecac3fb6825891a798b' + + # ==> Controller configuration + # Configure the parent class to the devise controllers. + # config.parent_controller = 'DeviseController' + + # ==> Mailer Configuration + # Configure the e-mail address which will be shown in Devise::Mailer, + # note that it will be overwritten if you use your own mailer class + # with default "from" parameter. + config.mailer_sender = 'matchu@openneo.net' + + # Configure the class responsible to send e-mails. + # config.mailer = 'Devise::Mailer' + + # Configure the parent class responsible to send e-mails. + # config.parent_mailer = 'ActionMailer::Base' + + # ==> ORM configuration + # Load and configure the ORM. Supports :active_record (default) and + # :mongoid (bson_ext recommended) by default. Other ORMs may be + # available as additional gems. + require 'devise/orm/active_record' + + # ==> Configuration for any authentication mechanism + # Configure which keys are used when authenticating a user. The default is + # just :email. You can configure it to use [:username, :subdomain], so for + # authenticating a user, both parameters are required. Remember that those + # parameters are used only when authenticating and not when retrieving from + # session. If you need permissions, you should implement that in a before filter. + # You can also supply a hash where the value is a boolean determining whether + # or not authentication should be aborted when the value is not present. + config.authentication_keys = [:name] + + # Configure parameters from the request object used for authentication. Each entry + # given should be a request method and it will automatically be passed to the + # find_for_authentication method and considered in your model lookup. For instance, + # if you set :request_keys to [:subdomain], :subdomain will be used on authentication. + # The same considerations mentioned for authentication_keys also apply to request_keys. + # config.request_keys = [] + + # Configure which authentication keys should be case-insensitive. + # These keys will be downcased upon creating or modifying a user and when used + # to authenticate or find a user. Default is :email. + config.case_insensitive_keys = [:name] + + # Configure which authentication keys should have whitespace stripped. + # These keys will have whitespace before and after removed upon creating or + # modifying a user and when used to authenticate or find a user. Default is :email. + config.strip_whitespace_keys = [:name] + + # Tell if authentication through request.params is enabled. True by default. + # It can be set to an array that will enable params authentication only for the + # given strategies, for example, `config.params_authenticatable = [:database]` will + # enable it only for database (email + password) authentication. + # config.params_authenticatable = true + + # Tell if authentication through HTTP Auth is enabled. False by default. + # It can be set to an array that will enable http authentication only for the + # given strategies, for example, `config.http_authenticatable = [:database]` will + # enable it only for database authentication. + # For API-only applications to support authentication "out-of-the-box", you will likely want to + # enable this with :database unless you are using a custom strategy. + # The supported strategies are: + # :database = Support basic authentication with authentication key + password + # config.http_authenticatable = false + + # If 401 status code should be returned for AJAX requests. True by default. + # config.http_authenticatable_on_xhr = true + + # The realm used in Http Basic Authentication. 'Application' by default. + # config.http_authentication_realm = 'Application' + + # It will change confirmation, password recovery and other workflows + # to behave the same regardless if the e-mail provided was right or wrong. + # Does not affect registerable. + # config.paranoid = true + + # By default Devise will store the user in session. You can skip storage for + # particular strategies by setting this option. + # Notice that if you are skipping storage for all authentication paths, you + # may want to disable generating routes to Devise's sessions controller by + # passing skip: :sessions to `devise_for` in your config/routes.rb + config.skip_session_storage = [:http_auth] + + # By default, Devise cleans up the CSRF token on authentication to + # avoid CSRF token fixation attacks. This means that, when using AJAX + # requests for sign in and sign up, you need to get a new CSRF token + # from the server. You can disable this option at your own risk. + # config.clean_up_csrf_token_on_authentication = true + + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your application + # requires the Devise mappings to be loaded during boot time the application + # won't boot properly. + # config.reload_routes = true + + # ==> Configuration for :database_authenticatable + # For bcrypt, this is the cost for hashing the password and defaults to 12. If + # using other algorithms, it sets how many times you want the password to be hashed. + # The number of stretches used for generating the hashed password are stored + # with the hashed password. This allows you to change the stretches without + # invalidating existing passwords. + # + # Limiting the stretches to just one in testing will increase the performance of + # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use + # a value less than 10 in other environments. Note that, for bcrypt (the default + # algorithm), the cost increases exponentially with the number of stretches (e.g. + # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). + # NOTE: This value is unused with our custom HmacSha256 encryptor. + config.stretches = Rails.env.test? ? 1 : 12 + + # Set up a pepper to generate the hashed password. + # config.pepper = 'd05e1a10eb22387de6a48784ec214daa6c69b482836e1a833028de28c8833e7f3ba529b8a341a0b0b6f467c0fdd193b74031316affc58ca752405a02b9e3da69' + + # Send a notification to the original email when the user's email is changed. + # config.send_email_changed_notification = false + + # Send a notification email when the user's password is changed. + # config.send_password_change_notification = false + + # ==> Configuration for :confirmable + # A period that the user is allowed to access the website even without + # confirming their account. For instance, if set to 2.days, the user will be + # able to access the website for two days without confirming their account, + # access will be blocked just in the third day. + # You can also set it to nil, which will allow the user to access the website + # without confirming their account. + # Default is 0.days, meaning the user cannot access the website without + # confirming their account. + # config.allow_unconfirmed_access_for = 2.days + + # A period that the user is allowed to confirm their account before their + # token becomes invalid. For example, if set to 3.days, the user can confirm + # their account within 3 days after the mail was sent, but on the fourth day + # their account can't be confirmed with the token any more. + # Default is nil, meaning there is no restriction on how long a user can take + # before confirming their account. + # config.confirm_within = 3.days + + # If true, requires any email changes to be confirmed (exactly the same way as + # initial account confirmation) to be applied. Requires additional unconfirmed_email + # db field (see migrations). Until confirmed, new email is stored in + # unconfirmed_email column, and copied to email column on successful confirmation. + config.reconfirmable = true + + # Defines which key will be used when confirming an account + # config.confirmation_keys = [:email] + + # ==> Configuration for :rememberable + # The time the user will be remembered without asking for credentials again. + # config.remember_for = 2.weeks + + # Invalidates all the remember me tokens when the user signs out. + config.expire_all_remember_me_on_sign_out = true + + # If true, extends the user's remember period when remembered via cookie. + # config.extend_remember_period = false + + # Options to be passed to the created cookie. For instance, you can set + # secure: true in order to force SSL only cookies. + # config.rememberable_options = {} + + # ==> Configuration for :validatable + # Range for password length. + config.password_length = 6..128 + + # Email regex used to validate email formats. It simply asserts that + # one (and only one) @ exists in the given string. This is mainly + # to give user feedback and not to assert the e-mail validity. + config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ + + # ==> Configuration for :timeoutable + # The time you want to timeout the user session without activity. After this + # time the user will be asked for credentials again. Default is 30 minutes. + # config.timeout_in = 30.minutes + + # ==> Configuration for :lockable + # Defines which strategy will be used to lock an account. + # :failed_attempts = Locks an account after a number of failed attempts to sign in. + # :none = No lock strategy. You should handle locking by yourself. + # config.lock_strategy = :failed_attempts + + # Defines which key will be used when locking and unlocking an account + # config.unlock_keys = [:email] + + # Defines which strategy will be used to unlock an account. + # :email = Sends an unlock link to the user email + # :time = Re-enables login after a certain amount of time (see :unlock_in below) + # :both = Enables both strategies + # :none = No unlock strategy. You should handle unlocking by yourself. + # config.unlock_strategy = :both + + # Number of authentication tries before locking an account if lock_strategy + # is failed attempts. + # config.maximum_attempts = 20 + + # Time interval to unlock the account if :time is enabled as unlock_strategy. + # config.unlock_in = 1.hour + + # Warn on the last attempt before the account is locked. + # config.last_attempt_warning = true + + # ==> Configuration for :recoverable + # + # Defines which key will be used when recovering the password for an account + # config.reset_password_keys = [:email] + + # Time interval you can reset your password with a reset password key. + # Don't put a too small interval or your users won't have the time to + # change their passwords. + config.reset_password_within = 6.hours + + # When set to false, does not sign a user in automatically after their password is + # reset. Defaults to true, so a user is signed in automatically after a reset. + # config.sign_in_after_reset_password = true + + # ==> Configuration for :encryptable + # Allow you to use another hashing or encryption algorithm besides bcrypt (default). + # You can use :sha1, :sha512 or algorithms from others authentication tools as + # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20 + # for default behavior) and :restful_authentication_sha1 (then you should set + # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). + # + # Require the `devise-encryptable` gem when using anything other than bcrypt + # NOTE: Our encryptor is included at the bottom of this file! It's cute and small. + config.encryptor = :hmac_sha256 + + # ==> Scopes configuration + # Turn scoped views on. Before rendering "sessions/new", it will first check for + # "users/sessions/new". It's turned off by default because it's slower if you + # are using only default views. + # config.scoped_views = false + + # Configure the default scope given to Warden. By default it's the first + # devise role declared in your routes (usually :user). + # config.default_scope = :user + + # Set this configuration to false if you want /users/sign_out to sign out + # only the current scope. By default, Devise signs out all scopes. + # config.sign_out_all_scopes = true + + # ==> Navigation configuration + # Lists the formats that should be treated as navigational. Formats like + # :html should redirect to the sign in page when the user does not have + # access, but formats like :xml or :json, should return 401. + # + # If you have any extra navigational formats, like :iphone or :mobile, you + # should add them to the navigational formats lists. + # + # The "*/*" below is required to match Internet Explorer requests. + # config.navigational_formats = ['*/*', :html, :turbo_stream] + + # The default HTTP method used to sign out a resource. Default is :delete. + config.sign_out_via = :delete + + # ==> OmniAuth + # Add a new OmniAuth provider. Check the wiki for more information on setting + # up on your models and hooks. + # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo' + + # ==> Warden configuration + # If you want to use other strategies, that are not supported by Devise, or + # change the failure app, you can configure them inside the config.warden block. + # + # config.warden do |manager| + # manager.intercept_401 = false + # manager.default_strategies(scope: :user).unshift :some_external_strategy + # end + + # ==> Mountable engine configurations + # When using Devise inside an engine, let's call it `MyEngine`, and this engine + # is mountable, there are some extra configurations to be taken into account. + # The following options are available, assuming the engine is mounted as: + # + # mount MyEngine, at: '/my_engine' + # + # The router that invoked `devise_for`, in the example above, would be: + # config.router_name = :my_engine + # + # When using OmniAuth, Devise cannot automatically set OmniAuth path, + # so you need to do it manually. For the users scope, it would be: + # config.omniauth_path_prefix = '/my_engine/users/auth' + + # ==> Hotwire/Turbo configuration + # When using Devise with Hotwire/Turbo, the http status for error responses + # and some redirects must match the following. The default in Devise for existing + # apps is `200 OK` and `302 Found respectively`, but new apps are generated with + # these new defaults that match Hotwire/Turbo behavior. + # Note: These might become the new default in future versions of Devise. + config.responder.error_status = :unprocessable_entity + config.responder.redirect_status = :see_other + + # ==> Configuration for :registerable + + # When set to false, does not sign a user in automatically after their password is + # changed. Defaults to true, so a user is signed in automatically after changing a password. + # config.sign_in_after_change_password = true +end + +require 'openssl' +module Devise + module Encryptable + module Encryptors + class HmacSha256 < Base + def self.digest(password, stretches, salt, pepper) + hmac = OpenSSL::HMAC.new(salt, 'SHA256') + hmac << password + hmac.hexdigest + end + end + end + end +end diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml new file mode 100644 index 00000000..94beb2ca --- /dev/null +++ b/config/locales/devise.en.yml @@ -0,0 +1,65 @@ +# Additional translations at https://github.com/heartcombo/devise/wiki/I18n + +en: + devise: + confirmations: + confirmed: "Your email address has been successfully confirmed." + send_instructions: "You will receive an email with instructions for how to confirm your email address in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes." + failure: + already_authenticated: "You are already signed in." + inactive: "Your account is not activated yet." + invalid: "Invalid username or password." + locked: "Your account is locked." + last_attempt: "You have one more attempt before your account is locked." + not_found_in_database: "Invalid username or password." + timeout: "Your session expired. Please sign in again to continue." + unauthenticated: "You need to sign in or sign up before continuing." + unconfirmed: "You have to confirm your email address before continuing." + mailer: + confirmation_instructions: + subject: "Confirmation instructions" + reset_password_instructions: + subject: "Reset password instructions" + unlock_instructions: + subject: "Unlock instructions" + email_changed: + subject: "Email Changed" + password_change: + subject: "Password Changed" + omniauth_callbacks: + failure: 'Could not authenticate you from %{kind} because "%{reason}".' + success: "Successfully authenticated from %{kind} account." + passwords: + no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." + send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." + send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." + updated: "Your password has been changed successfully. You are now signed in." + updated_not_active: "Your password has been changed successfully." + registrations: + destroyed: "Bye! Your account has been successfully cancelled. We hope to see you again soon." + signed_up: "Welcome! You have signed up successfully." + signed_up_but_inactive: "You have signed up successfully. However, we could not sign you in because your account is not yet activated." + signed_up_but_locked: "You have signed up successfully. However, we could not sign you in because your account is locked." + signed_up_but_unconfirmed: "A message with a confirmation link has been sent to your email address. Please follow the link to activate your account." + update_needs_confirmation: "You updated your account successfully, but we need to verify your new email address. Please check your email and follow the confirmation link to confirm your new email address." + updated: "Your account has been updated successfully." + updated_but_not_signed_in: "Your account has been updated successfully, but since your password was changed, you need to sign in again." + sessions: + signed_in: "Signed in successfully." + signed_out: "Signed out successfully." + already_signed_out: "Signed out successfully." + unlocks: + send_instructions: "You will receive an email with instructions for how to unlock your account in a few minutes." + send_paranoid_instructions: "If your account exists, you will receive an email with instructions for how to unlock it in a few minutes." + unlocked: "Your account has been unlocked successfully. Please sign in to continue." + errors: + messages: + already_confirmed: "was already confirmed, please try signing in" + confirmation_period_expired: "needs to be confirmed within %{period}, please request a new one" + expired: "has expired, please request a new one" + not_found: "not found" + not_locked: "was not locked" + not_saved: + one: "1 error prohibited this %{resource} from being saved:" + other: "%{count} errors prohibited this %{resource} from being saved:" diff --git a/config/locales/devise.es.yml b/config/locales/devise.es.yml new file mode 100644 index 00000000..a5677b71 --- /dev/null +++ b/config/locales/devise.es.yml @@ -0,0 +1,65 @@ +# From https://gist.github.com/lmrodriguezr/d7ab31022b34145d1dcf1529515589a0 +# Traducciones adicionales en https://github.com/plataformatec/devise/wiki/I18n +es: + devise: + confirmations: + confirmed: "Tu correo electrónico ha sido confirmado exitosamente." + send_instructions: "Recibirás un email con las instrucciones para confirmar tu correo electrónico en unos minutos." + send_paranoid_instructions: "Si tu correo electrónico existe en nuestra base de datos, recibirás un email con las instrucciones para confirmar tu correo electrónico en unos minutos." + failure: + already_authenticated: "Ya iniciaste sesión." + inactive: "Tu cuenta aún no ha sido activada." + invalid: "Email y/o contraseña inválidos." + locked: "Tu cuenta está bloqueada." + last_attempt: "Tienes un intento más antes que tu cuenta sea bloqueada." + not_found_in_database: "%{authentication_keys} o contraseña inválidos." + timeout: "Tu sesión ha expirado. Inicia sesión nuevamente." + unauthenticated: "Tienes que registrarte o iniciar sesión antes de continuar." + unconfirmed: "Tienes que confirmar tu cuenta antes de continuar." + mailer: + confirmation_instructions: + subject: "Instrucciones de confirmación" + reset_password_instructions: + subject: "Instrucciones de cambio de contraseña" + unlock_instructions: + subject: "Instrucciones de desbloqueo" + email_changed: + subject: "Email modificado" + password_change: + subject: "Contraseña modificada" + omniauth_callbacks: + failure: 'No pudimos autentificar tu cuenta de %{kind} por la siguiente razón: "%{reason}".' + success: "Te autentificaste correctamente con tu cuenta de %{kind}." + passwords: + no_token: "No puedes acceder a esta página sin venir desde el email de reinicio de contraseña. Si vienes desde ahí, por favor asegúrate de usar la url completa que aparece." + send_instructions: "Recibirás un email con instrucciones para reiniciar tu contraseña en unos minutos." + send_paranoid_instructions: "Si tu email existe en el sistema, recibirás un email con instrucciones para reiniciar tu contraseña en unos minutos." + updated: "Tu contraseña fue modificada correctamente. Has iniciado sesión." + updated_not_active: "Tu contraseña fue modificada correctamente." + registrations: + destroyed: "Adiós, tu cuenta ha sido eliminada. Esperamos verte de vuelta pronto!" + signed_up: "Bienvenido! Te has registrado correctamente." + signed_up_but_inactive: "Te has registrado correctamente, pero tu cuenta aun no ha sido activada." + signed_up_but_locked: "Te has registrado correctamente, pero tu cuenta está bloqueada." + signed_up_but_unconfirmed: "Te hemos enviado un email con instrucciones para que confirmes tu cuenta." + update_needs_confirmation: "Actualizaste tu cuenta correctamente, pero tenemos que revalidar tu email. Revisa tu correo para confirmar la dirección." + updated: "Actualizaste tu cuenta correctamente." + updated_but_not_signed_in: "Actualizaste tu cuenta correctamente, pero tienes que iniciar sesión nuevamente porque tu contraseña ha cambiado." + sessions: + signed_in: "Iniciaste sesión correctamente." + signed_out: "Cerraste sesión correctamente." + already_signed_out: "Se cerró sesión correctamente." + unlocks: + send_instructions: "Recibirás un email con instrucciones para desbloquear tu cuenta en unos minutos" + send_paranoid_instructions: "Si tu cuenta existe, recibirás un email con instrucciones para desbloquear tu cuenta en unos minutos" + unlocked: "Tu cuenta ha sido desbloqueada. Inicia sesión para continuar." + errors: + messages: + already_confirmed: "ya fue confirmada. Intenta ingresar." + confirmation_period_expired: "necesita ser confirmada dentro de %{period}, por favor pide una nueva" + expired: "ha expirado, por favor pide una nueva" + not_found: "no encontrado" + not_locked: "no ha sido bloqueada" + not_saved: + one: "Ha ocurrido 1 error:" + other: "Han ocurrido %{count} errores:" diff --git a/config/locales/devise.pt.yml b/config/locales/devise.pt.yml new file mode 100644 index 00000000..81dbf652 --- /dev/null +++ b/config/locales/devise.pt.yml @@ -0,0 +1,64 @@ +# From https://gist.github.com/de-farias/62c24d3bf84045b2e858abbdd20fa3e5 +pt: + devise: + confirmations: + confirmed: "Sua conta foi confirmada com sucesso." + send_instructions: "Você receberá um e-mail para confirmar sua conta em alguns minutos." + send_paranoid_instructions: "Se o seu endereço de e-mail existir na nossa base de dados, você receberá um e-mail para confirmar sua conta em alguns minutos." + failure: + already_authenticated: "Você já está logado." + inactive: "Sua conta ainda não foi ativada." + invalid: "%{authentication_keys} ou senha inválidos." + locked: "Sua conta está bloqueada." + last_attempt: "Você tem mais uma tentativa antes que sua conta seja bloqueada" + not_found_in_database: "%{authentication_keys} ou senha inválidos." + timeout: "Sua sessão expirou. Por favor, faça login novamente para continuar." + unauthenticated: "Você precisa fazer login ou se registrar antes de continuar" + unconfirmed: "Você deve confirmar o seu endreço de e-mail antes de continuar." + mailer: + confirmation_instructions: + subject: "Instruções de confirmação" + reset_password_instructions: + subject: "Instruções para redefinir sua senha" + unlock_instructions: + subject: "Instruções para desbloquear sua conta" + email_changed: + subject: "Email modificado" + password_change: + subject: "Senha modificada" + omniauth_callbacks: + failure: 'Não foi possível autenticá-lo em %{kind} porque "%{reason}".' + success: "Autenticado com sucesso em %{kind}." + passwords: + no_token: "Você não pode acessar essa página sem ter vindo de um e-mail de redefinição de senha. Se você recebeu um e-mail para redefinir sua senha, por favor, certifique-se de estar usando a URL correta" + send_instructions: "Você receberá um e-mail com instruções sobre como redefinir a sua senha em alguns minutos." + send_paranoid_instructions: "Se o seu endereço de e-mail existir em nossa base de dados, você receberá um link de recuperação de senha em alguns minutos." + updated: "Sua senha foi redefinida com sucesso. Você agora está conectado." + updated_not_active: "Sua senha foi redefinida com sucesso." + registrations: + destroyed: "Até a próxima! Sua conta foi cancelada com sucesso. Esperamos te ver de volta logo." + signed_up: "Bem vindo! Você se registrou com sucesso." + signed_up_but_inactive: "Você se registrou com sucesso. Para efetuar login, você deverá ativar sua conta." + signed_up_but_locked: "Você se registrou com sucesso. Mas não foi possível logar pois sua conta está bloqueada." + signed_up_but_unconfirmed: "Uma mensagem com um link de confirmação foi enviada para o seu endereço de e-mail. Por favor, acesse o link enviado para ativar a sua conta." + update_needs_confirmation: "Você atualiou a sua conta com sucesso, mas precisamos verificar o seu novo endereço de e-mail. Por favor, acesse o seu e-mail e siga as instruções de confirmação para confirmar o seu novo endereço de e-mail." + updated: "Sua conta foi atualizada com sucesso." + updated_but_not_signed_in: "Sua conta foi atualizada com sucesso, mas como a sua senha foi redefinida, você precisa logar novamente." + sessions: + signed_in: "Logado com sucesso." + signed_out: "Até breve!." + already_signed_out: "Até breve!" + unlocks: + send_instructions: "Você receberá um e-mail com instruções sobre como desbloquear a sua conta em alguns minutos." + send_paranoid_instructions: "Se o seu e-mail existir em nossa base de dados, você receberá um e-mail com instruções sobre como desbloquear a sua conta em alguns minutos." + unlocked: "Conta desbloqueada com sucesso. Por favor, logue para continuar." + errors: + messages: + already_confirmed: "já foi confirmado, por favor logue para continuar" + confirmation_period_expired: "deve ser confirmada dentro de %{period}, por favor solicite novamente" + expired: "expirou, por favor solicite um novo" + not_found: "não encontrado" + not_locked: "não estava bloqueado" + not_saved: + one: "Não foi possível salvar este(a) %{resource}:" + other: "Não foi possível salvar este(a) %{resource}:" diff --git a/config/routes.rb b/config/routes.rb index 7fae6cbe..0f1f1d82 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -47,9 +47,8 @@ OpenneoImpressItems::Application.routes.draw do post '/pets/submit' => 'pets#submit', :method => :post get '/modeling' => 'pets#bulk', :as => :bulk_pets - get '/login', to: redirect('/?TODO'), as: :login - get '/logout', to: redirect('/?TODO'), as: :logout - get '/auth-users/settings', to: redirect('/?TODO'), as: :auth_user_settings + devise_for :auth_users + get '/users/current-user/settings', to: redirect('/?TODO'), as: :auth_user_settings post '/locales/choose' => 'locales#choose', :as => :choose_locale diff --git a/vendor/cache/devise-encryptable-0.2.0.gem b/vendor/cache/devise-encryptable-0.2.0.gem new file mode 100644 index 0000000000000000000000000000000000000000..a59f5c533dd326f58c658afdf1fbf29ac76022fe GIT binary patch literal 16896 zcmeIZW0WsXvo6@SZQHhO+qP}nwz1o`?cMI)ZF{%v{>}f~`Ec%f*IhGT?zwZ;tT(=7 zRb^#XL{!GJq9W_DH+M5OGj=m(u=D}?uM(zzgpG|2=s((jB6b`}mGW)@afW=;+! zc4k%}CT3PPHdY`arvEC1{^xn!UEPdb{!z)(%G})UfA08~-0ln6kO;~0^>i?wvZSb-}QP&Pd60CKN0S1E5vqT_7<&tM@a!1&%N)-ip z$nC{EF1=;%+4FtSEVB7T*>r|Gf0lhO=hH{vf1G2Ik#)#=m(&N6Zk~zJnFTc$!jxn6 zi>Q=bEc)bjQ3NDAP3mC zH|aeKh68wuPNO3-$wE-@xqupAlW%$1QpCjk7LsW!lHD#3%2>Uw%V$Jl-QKBobmF2c z5sH*I=<38E^@2|rKa@ihl$~`Gp2y?MCNWe()|v$F!p=H=lC>Q&#m+ zJ$kUUW_k3Qd6boSwEXCK98Z4D&n4 zzX|VgjCq!L6YHub9Fj#2CtETii}(@7WdQ}!#M9m|8|7GIln(|N`-*gw>bGw zzHvnCnY)D}TF}AGNkS${xJ`rM%bh>4!ls9Dg(iKWM<{;4l(>}@dA0h&zHvCKQ69mE zCU3Ec?F#yF(cA0Sl`zkr?B;`>_4=x9>~L-^D`c>jOhRT9eId@_84~3Z7cDguJF*eC zGy!Zrg7^qU*Bc$<2zLxa#(eJ$J4 z!Dg6PU;L2SlrofJhZwErls2BuVm4$rzCVNYqxm}Hwna_yv`}!k6f@`ZhNC#Gl&y$z z(|Wow+lMIE#&x4`d5=_zLTJi`5EXh(c1x;8BTbpO5~XlZrLBWO^q z6ngh9XLf8`G^~tks#-9eYn4@U$vs5c%Z(U~m4VeiF*J&x8u$qDfafRfSB~l07-(DM zXvl!SEk+Ya8wS*&{eaWW9X`&({dbM^|CL_<1N;9$!2j>?pOuM~js0KopOu5<-}wK( zdSCy$ul*El7i3V zvdIDb+<*iTi8ETOc37XVF0Ye$IXgRh0%1;IDs(0Zw^}jwDF&1mDs(Jk!$TChy;XcU zS}t4$EL}f;?tCj-u3w9O{xouah`9-LMHbRY=VK{#btkcO7Vp^K&V+tS1rYFg5gCLv z!Ih;-HR#v)QyA3pQKlD2kvgBg36nq+b{yQ7a_Q9VH{sH2D*T=Q8dO|6oK|F1YYFI~ z&09dV+_0nXz6J$~Sm3>O=!tY9oLUPY38&O#c``e%7f0&K1X`3HL*%!5K83tYWe6Zq z5EXpR7b4rRK_9Eil5C0)Ep*##vJG4vYDnNiTpUOO@rhomS;+=hp(AAs4MY;XR7ayU zA&`^>Z`1!go_~IPdwM&*I6l_AKC*bf4W2}leLxI+>Uanw6qKZ$0JrwK>S2*Hlh=EE zWW=TnK#MWxSw;ak4gZc_D}k);`G}2W(~p0Bsjsi!L~vh7I2t$o699wvKK|J+quA=;IonptpHGcXJ8w_*jMYQ>k&^BC2;K zbQeXVAo^J_*M~1=NP(q<8dc#ThW4R3G8Zwql_;JlOd^;<*+6O18!N)n^V=5TT3>if zWqYy27C=(~p@HQAO$YI@C((~s0N-~`qh}ZuMV>uCB-|8tXiqcN8KjEgRB|a@<$1xx ztct1^!G;xr=ofMSYjz=y_9>`h2~}3@?E{R1+O0c^;D^ponT*qaqr)I%TY$6>f760A zAubgv;07IbLnwi0k1PS^h;Gm?*Qr`$gd-^|%hj|J2o`1w3mL4)x^T^m6K#%0g0&h0 z4-R}#zj=5`MFFRw-5V1`@4}MPRgPUni{y?YOo9`TIuKiLwjDARW315VD|o!8Yt^j> zd5XD33>BbInlQEmogY5xJxq}LyHAO#4GfAq9)}`_#~rG%csxCk4wMK-U|%RTS?`S& zjP>kb)$L%F3L$OosMu4f5Sd zq)Ws(!@^rK;_Va8 zm!{;%1Wu5o3yUr+jP=!CF79)~*qmiBOa`V>6KdH47)*0CxeBulfEb+zIrMJ^$X1viQ@l%MgE=r{aU8i+ldfhQgai43E%MmsLg>-$zRo&P=Csv@e*LtquYw!f6T zHTqy@orPf|X2!gx{B_uvXG;z)8kr#>%WPd#uIT2rga!|yEPfQd#|h;4KCWF~r1%EY z%F@Ub7(SbzanAnXC?pedUR@>eBQ^eGTeM+IodhM_$F~gC=d*3I02MJ&cb{KON@tXz zJjizi#Eq*J)`svRni}dC;C|49sncovPr!)X$1i4*6+~tTA&>)!fJm2W0l@cau-nGK zh>Mj|pc_FKH-jBYg0Kks?=b_Q^z9UGe~FOCvoc1x%BD&GqKf#cwumvJ4JVu_KWbT- zN=HSNB%+7+cv82xR3GiQ_x!-n{9_VP5W>wo3f}|!X?aJ9V zT^XK6(Nu8A9*ZaXTL3qfMrPe($s{Bdj!neyoK_)ZL_z`KF9IyZK1UyWrmD7%{Dhmd zB;SmE4pI)+YA8e}28C)8vs{I_G>n^3NRd{%9IvzcLZVcsvNyTN3JsPA3SNItcVm$% zz7zK=A!wZjw-3fpi0vX|48nd>qPT5I3RZrO^zv-&agq2Jd>W6p&FXyP73nQ?pY0nlaSs|KC zg}A0R4VLrnBuX;WK;)EDh=37nVi}EQT$;iURiZ{xJ8ru**=Fqrr&+5ux1FoRbu>}= z4mx*A2B7$Cuzp}dg%l15w`+y8Ao7O+>^tco{BC5VEO}a(4rxY=Tp$>}%Y*rYmb@^yA&Wbq;mAhoF$5>SL)95{sD`gFNqoKe%FQIOkdNl&7< zVf~zAFp22En-EzPMkbl)KMG0po@Y&A1Ab2J29gXkMtjp4=o}JJ4(7T zgbmHueo$th8hYRecTL_PmCep_=g}+xk1#VmyHdp|{hjlg;ir`Dpo??e<@;^nvG@Bq zanSzc8Z>f9yl=Hn#vq+xU@6sFuc$wI!5wf(40&rQd5j|AA zV$RdcMq;|$wbQDkZNi|##*cC5KY6P(gI)|U#sSf_l~HIa4*PFHMh-O-U}mIH9Nh6A zu)-9nqtX5-J>GDeVvxv7l%eJ`E~M5XUfAI(+0062`)pVhIsMduLPz`i%Gi>FIrt4E zIxs)zO9r@=?OgdsYOYtwL36?x?5as0us7SEM?;*LP(PnI68{E#()d`Y6ggu}|eJ+CO*}lh8#>7$bfUMf7uJ`AXKR z6|$E3mzB*j!11THd!(8SoL&ZOz~>XfirAI3hnP=X`+HG!mdqIDy1wxWHYbaa$inyY zDl!GL-e^K_!x37x#m@1eSrmy3pawcbIZ^1o?@ayzaImY1*C8%o5rVj(u2OB8`fmd% zQ>D8W8jg9lllj_kI!t({dQx$IAOSsuB&<$h8RrSgs@NXlK@9XT&INfvTK?S{g-vq8 zb~>A`Z6qcxGr*Y-S#FuXYW)7_QgL=M+fvWj7u!6Nb+gjjU)@6&U$YmZWgJrg)*Orl1V?weP;6$j%k)6f~ z8t-<)60^tI_-LS{aKQlWm!Lr~P%zeQo`FF9z_@Y#f#SjG$?N1+cljgjaP{5LPQc)l zg1lV?)JW9Hs^W=wog2ISOsj=)Ddf{o0|>A z91X5ag%fZg6y+H(G=yMNf}&qnMSe7QUnLzHyj3s}elDODMO93^)51Vj7T+D2g%g;_ z+}XIH5W0XxTfH5=s4I5^M&%eGVhn2m#itly(7w`d8qC^SvJWJyXdujsEbdMK6k$M3 zm9`sv9wzUehn^J|t(;xdP$qpdnR+XQZPUJ3j+acqC!*B3m1VL!ExFdTZ>iBaNAs@U zgfh%jtDaiq)z zfj%q;?AN4VcVFjlr>A2_rL6Z~V;hf_si^I7y}Rf}B=`#k!kz-;8`k&1rVO$4Mk$9@ z=%42}%S2~`B5ws*bZa>pKS|3@(jW-12`Nu?g-HeqBx{_(lr?5;JW^HCzTQr(QeY6g zRwINt5pQFrdk6l)NS>wXX#2Tg)W(BA`^rM^f`bSqn)zi5HLTP(_e~(TN(>-`c_f+~ zx)$Q?>QXi??Z+A(4vpLsVjlbRlT#$E7+9;W2?m}ShdEv%Gaai}^Z%5nzL@icQPJL3 z%3s3_|1Rr}QP8FeUWqhkkr^3lS;@#N<6N z+!qg<^~cEPT!5sHXX552-=M=@Y-Ba-3FOarI-PekjzUY}NlvH5(Y!SSj2>(Cyx#XR`7 z&rU8DLpgKL`|Nz`^oJlI0@pDl8Eo9}y8aZbpD8=2(H8)2K={u}@Gvxb9rXB?1d4r; z#q+Srz6|?uOJWB;_WAO6f|pi(EL4 zHLr?sgb~v;QH`*u5NNXQQ~l^cw?7<9Y2)~~G+4z*Ky;KIjTa4Km=?GLkDjZK1l(q!gZX#cp?tWZHv{p7jR#W2e-2j5C2FnUA{owxo$MqaBbp1funH zd_l?=X`4Yt5DV0xLMv&1NIdb}<{ zguo2eUZnun`Y`BqGczdbgiA5WSaXHV&@8>*_c5dCj*e;M*KoD0;|gajfv&B6V6DqW zAbyabJ@F@{Vklq}4ed(>EGq~Sh*cn!8)BNiL$209L5x`HPf`3{7CK){a+htA?;DMj z(_*-8O)v3-tG@CYj0#7T9Ek0Pm) z88u&WIpBKvV{_YbOpxbcbYp%mH*=!KKyWbmzUBnhT?_(^<^NuCSZQ3#m`@d)&hXfRax?7IbL7&Y)VwSYu z?V*PEWA)c4^|hHmeF=cK+UE3IH4jR%LA?eNhYEUy?D2(Kk(!r(Lqj}0wFv@w?C|^+ zh7cw^tvtBM0CU6Y6d}-hTk&Gpn|+#+DxC(H#7W z`prx%s7V`cCIehpg$usHf_4Na2yqNsIkacBHOV=ej3xmJwjE7QudEE#9VJk{F~cf; zr+>}5UE~4%2sPjjIj+uffE^1)KoANLcceTI=ib)@2iCUBE(22}bgN9~+gux`MDFMj zp0=%g2om7P#e8d_DUP>%_4;XGy-IrmRQ3$;16&yer*l`U9p_CzK3_lnsD7CK96to^ ztN>i}opJ%3f79mx&-;aS0MCE!3pbugWM<|G+lLLouj%G2Z0e|x>VHCeFEmKqjUCyO)o_6O?)D<;RGU-u_F~KM!0ZAcla|9vThaZa<%BkLfjcXB+yk zt#CK|l%t&7er(~#PF|eg9PUw%(+-h9&j&r17-_vf}~}U^!3* z_zXR8ssY@t0Un7%WRlx_pLOc2Fm`qG`GLf>RLo9iM-44H$&!xgJ> zP*n!Mu00V>h$pb7EIZ-jk++9-1e)ZCi)3XaMTF;751@J)s76!4Er5xV(=g86pJ0OK z#VNlCS5JMz8;3$jZNr)BCHr1VwMeIu-K_7BBx|A!N8Ti^pGNwWanhPZ_%Pq4#S#iM zUD{Hb7>taEhWU?WW#(ys>>p7~pTr;@IYRBuG3xS+>OkIpxfdB0J5w3x6bf%?UUM&y zrW=0>CKGaacw8mIZF~GZV#w~`&XRnZ@#1@bfqI?{_bY8Y49qbqn#s?FT(VeG+szV2lNJSO$a&Q~%t$fA-mb0dU^{mGTPrP%kNS)Le(t#pSGez7XFjw=}b> zY}`MHUYg8R0&UHIZJB_^mV}B{mt&>qlYSxG1~ziKg+g}8jf1I1>6b431}!xle=^Ua zx9shTUyWDajKt*gMkFuvX)X%F!Nt@M^i!jGIXF=x){_!Va39ZukB`!zA^h0?z9v(x zHNpu<9#6m*yRuHpkxtu{#yi7ZlQwjC3BSXE=!aK+Z+TpgWDI>~i)S!@YhM2AZmx$lH`{EsXES|M1AtlDU1$pZkF9+-MOT1Vh@HA0 zK>QcrCh{Ht+Z76PyVnZ<+8uC-Z)<7rkXZIWZiKU>OntmqjD2*hNL_wRy%1FF2LJ(& zwfXb$d_x2l<`w4W5eE9QP*;9{C=1M04n7?AWFQ*u?fBne40uNlSVi4Q_I0@*3R-*z zir!o&jPL*XCJc4?v0S-!Z~p)s{Q<05_|n=1+t9|u1NI||Ng!9p@Y043BJ@`9Rg~72 z40H1n*>T4jc6m?CaBDKZ8ZPJ%<)A#chuV62mV4QGpPeI+J1zl*m(K%|KNXsP06V*l z9jgGsjvvO#56tN4*(8u|r<7PffAr^^Lr&6YY2{3RD90|Hk*{5JtO`r6=VBi7H=WRQ z_ci_Jm6!x#bsbh4RtZGJBi@l#lW<6-MbWY5w{e4{KGGs2%;cYFWVb zV&Lb~UPVt2x^(3*l_2R|xZaAFUp$W_IQ`EH=QvfB((YSIz(xd#pdI1Mv|icj0_h=tb93w;8A^X+sR=H>d)9r$&P?b&1BRXj?ZrNndIlXA0ip{p z<==as-*ZO)1gk3Ga>uGDQK%oYU+$%zH?7&V&f6Vp!sv9UV1@9qn3xR66cT18d{)WrRDpk4877A%Oc%ksD_Y()d_G$ zzNk6HV`oQ){Ol&k%G!xhHXsM){D(DdO<1{WLh`(N>^r`Tp z=yQ(#k#L|jz({27+YB?~B_8_*)6{BbOs=Y$RPmrgg8sg0M4qN)?ZyKZX$}f~L6~Hv z>3cXEhFI1(X&IOtGVg*_!5SS%LbO5(k4IL627x`OAvR*<_%MIjzyo?rB$^Zc;#j-c zY8ixP9B901IsBkTyidr5cFECF(3bYEYO&(@hWXJ6CYu)$9#dp?+G+mcHcd@B~4B!mNty!@NH1;SE$8C@%04yX)*0&xL?R(F!ADdEeM`^mWv zRX@n=Od+g6>I=r6aRYVFl);?w&feW{r@cqVWKg+qktvg9EPSH@&d%_=%^UghPJYYP z8<5c}MwB9oH`wVMWIdNLYOPsKa*pgd?5OLI|#K>vi z3;f02v(aBZ1GLRX$%!Z##VFe_swjvLgL&QJ??3_|rspnLtXT?I=`F1ah|x6k>V*hF znXq^6$p~H_9!o|~U(}IkFh4k^!}Kd_Dfv4|&)xYfPj~kwK@Op%L84ZUuV!u-Td9WR zU2X$}p^T5IfV!1r-spUkQ6MstlOs6DZ=;$$bs_RA-cM!8Du?Ow?a{qu@NW0nx3yYq zoyk;N%_|UV%sMxBw7qGCknu-#qF7K4%xmj?&!NIF0U%L&{nM~#2DoM4{Tfi1qo|lK z2-(xVZS}oY_*QHce?a_BHCcK+1sznid!#)DK$bc*~s#akNenH3M zBy^1WLasjw@C^^7;X0Hbt-8*nb2`NPsJpo4w25RDfrjNX6iDJ-qp^G=ylU4vrbvQJ z?}(Jd;JcHEV0x})1J_#rQU%3XNSF(CLKZ$yq0g`uck~ETUB&&Qc+^d$P8|(*>lKmk z_|pifbn6lMBvOt`!!$WyJHtsE^_C*Rtm?9Ery6F%E|<6VplTbWY9!dZn?0$yGZA0r zMpcFn@5LQWIt_iYHphh?c_3%}WiblPw1HLwF7L|t6ZIaWSd$x4BbYy$PyIwrm5oP+*;ke(jCdDPq`utr#{f*v_0e3l3QQa3bfLKZ6QH3 zLv`Jy24m^CfQ<(SIdap;n;E*;|GB{Hgt)!9oxZbZ1lTv?xJ)#2$%?m3ESk~b!N`1?d{b_DB?>qA}=_r(rNfZBb@?ud`Ad&EMw90!*- z-@&PS+0L|GNmwP%t553uX#2M|5l~DI7DmGy`qtei@PG~FPhvCLfSRezk z@7mllu1sV;FoXk(7P2)BimN~Ko*wnz-7udIFtnOf^l-qJ$JLjH4r}na8(gK-9ERFD zMy2lN;~2X)>)F5abDyLHw$!PIahd#EFW~2>kq4Qhq20t3sfH}`Gzh)bi4z;cLO@E0Ez8CfZGW`Vy#G!r^~lJpsz?wsL2$V*w#LJ1$1qR9UUhQ z=r3iKM^?O#e}|weVfW|fh_>V$LK)|!J7V6Cup`seD`CRv622Q`sc?fQ)78wPRQHV$ zM^4vwLB}5ca~a+f&nM`7KK$8EXhO@t-u?E^klp!g&q%0))BlJtLvoub#OS%uzRvoXlP_UgPgKs<1HLyekkZf{`EX!8R#;=i7GO` z3-4O+YAz|um6~vvPO9VR38B})lj0K+e+}DPCBY&TyON;e^2zd%rbILKD04Q5Tf;WW zp+G6aUf}$?=Xy9}Ma(#HEC-M9Md$m53o znlr5u+v@H%OaPNr5aZPj#_bUAp9fSA-`Qc+U}&f{4RMt*U>Eo+%+_%>D;Ca^ruD*S zqaXi|z`++`7VzA@NPs41F(gWCpmVS<&waLFprYg5pXWk@uAdnrrp-TrU73XH^)!X2 zrmQp5XDx);!>cxl6KHFz&br$oKg`F4?Gi!fs)OIe7(tGi0A=rQ&w+ow@|+7F z6gP4ZHOm5MH3}GytNXc<5{=WA!d9-^8&0F;wY%I3@5HgW6tR--Ep|!+M;e1~a6(w-+}$+ATUF*OR;J<)(3R zr+}x>HYF?-g9{2Z0y`pB4NE5>WR}ScqbIYs?kV-5)p{NuxF(I+H0Ze#xE01eg2cMW zzk_pOp3!7}ulUkbgD*!^Wjy)5g~sIa(ry_AWtT$lMnDGCl{c=T$p_rP?jn^7u1yK? zyC%UE)kZpZ8Du@CHAL|O7i~SUYppN~Xx_Fu>PNZurC#!$5JuVVdK>N+E^c(432O_~ zSQBpK?e8Lcmve3@eivN=??%6p=S40au3Mormn|8PHrfNk>GGrI5yuSsZTY-vcE<;I zZ(ojc**sEyNgQieCLN8y2)Eyf_ID&huP>>Wc&BnYfFp{J@I;(|)xcU(Sm(*d&tpM{ zee$eq(07+;E?j4LJyPw4$L3BJCtonjTwk6+2QQtwEsNfx*fH%SM0w-%Lb*7&tQ?U+ z|B6vh*42rdq2)Jdes^p8hGXQLkS(;jLBr)5N^g+}Mt8K%x)PJUm+^m2)AU~w&PyCw&gC3bq%E65|l7D*pu2ZPiJN6BTo=&w`>q^ z+!EPtgq`fmX!<}o1ruC|Dl{*yoOnC9A*I35)ugll5j>Dh#_z?)Ej$3`UQ$?y;VsYI z+d5Ph*kPPYlqDPbqiW+%<&i*cpo70qDRwj__La!xA!79BG=bo$OMRL;D#-SnX&&pA z<`g#RUgLuadWApMEln7jloJvhsCi9?5tP(Yq8BFXeJ8Zh{up@dAenH$%shO!C_#>K zEo)k%@qTT7(-HfpC!fOH-%x!}T{Nqj7zosBNvcCYPNh;8Jcs7tx3DxCZI_<2FjLu& zHivGk!zVGKh`V_|H`+5@{w=`@=ckle*4rqmnmm@Hvf|1Pc{c&mIki_zWO-6flo}Gf zlrOr^k%cNO+yb2-qE#3aV^!|gt!ePuw@f5MCW8}s20W;-7SHfZhL=zJi~NF3k^pG= z&Sm=nj1kDT8u7hWDeAKMxLF4p*#ZTx)@Q7vDEO6-ERvg!0ZDLEj~#WVmyBWXp*i^U zMJV?~$h@0A_feDW4X}D>*$w36O1HlSD!sOdpdMO#hO zzP*5HY#oCW^1xdaUf2-F)-pAc zrE5Ux(d)rYP!Ijj?e%Tu5kSGy_Xl9`4Z!b(a3Riw&LVFg*^t@aGsAe?YFh2fzTTW# z4(!{0|2wuUiG=Ov`T#~6maply(7=)w1gKJMfTpszQojurvZ%pFGY5z4R_wP@^H|%q zzzM*A?qnaG`qkLRNaSY^RT>hB%v~|Y{T!!8Y6;A>=WM_z@!4T}wQCt6c*X)ogikK!e z+&)bi{5SGHd-2I%bfuH{Atl^54-;C;BEkFQ0tjHC(2T=Ou_WYB)J~K|r7?VlQ`!4Z z;E}HDIVdP$W!kI`NB5a&7Ea`t3!Hi|eR9VJM{+G| zABCRchJ5=}s78`Lia3%AT!WU-yF zFYs~CVEFv18QI`H2k_zku=)?_&I24)0wbcF{#iwd4S>XS4#_Dd9Dj;sT58d{->H}A zl?sUbNQRn~l41p`rIOt$HO%LTiC8vU_XIF4WsSEb%&usJ)avqJ6}Dhb)MDl%Y1r0y zbxu)P5wMs6ZxK_MU|O*7uU9G=HQA;@h4R=-YK$QpF-KZ8sexP#`O&zawB}q1l&QIH ziQya<-ay#D@m^6@8~#dC-YI?a{y{0MhyXJ)__)i}+(=Z!Hi1=D4O&qxFQKBG*YD%< z)hpg|%T|NcoTE)mrlM@Stg(am>XvV`{= zO24p54?}I{^L1mwT9i17Tvm)VZd2)BX~%c`wT_l6kG>$P40yc}%G|<(%6iqNRj9b?Upj$pL)w@r zbN`H8o+e%YN4@*6v|9PJvcd?U1!T->;XqBJCYkYLNw^&Ikjo z`gUJ)`>FUK1=%SdX?~Ri@QRb<;HtwDy*F7W(WVsVZirLx+(>SZJY(I^g_3Agj5JMf zU!9y}9fcvXBDd9hs826P#k0>Y3G%<;-Puwt#)FT3U=fmqTDWX>vJZr#a~yinBADL) z{8X|NDEA_?cHf<~R0^cxqYg8;SrJ4#rU{RggBt4fO^G~Pg0Z$si;I8m3Q>?H28lUT zia|biG)57K3^LXS1GBS3$^lEIhMD?j7#1hka9{dM5tguWm8))0TR7hXQDkvY3*7(w z9OW$?UB0tj5J~1_?a7?20{zkt?StzDg}lzSRC>a_oeGwJ#$-{(I6+Ps*GNe9`eDK) zSlddkvDD42^B~3W_GQ`SE$0(xsw6nbJF-g`Jcud*7eID>qgR5Zl&+z4OWZ)iUSIN- z0-obGbsR|eS!EYZY5Nx6bU(yF0syv!fNOXO+*bfXc?`;O}Sp(!(3jd9k8zbyP%ukn=tSic5_tUT*bxjJ^x?nxbR0m%}WU zHZL(v2;6X?o*l_Fvqw`+!kbeUUV;f;eXomYrShm`pSl!nl+n$`vqNLqMm%GH7(riNY=yd)vNNFkNgB*ybZM<9!&bmsNMwDR&p?)oRuxkQR?nGEDE+?k)37oJX|U z0Z|kci~oS3NR>Xss6&AKEq|=YO~z|(2Rd5oxB?#U<%_$v*b#j;k9gQP{$r#xOsdz} z?_!&8$!#PRd%(4PK{d}L;~kKLE&v}P^5n~~Vn848Pwwv8#RFF7hLF#_U!ljQwM#WL z2n`dp>J*5@=yb(!QlEO`vZbHv=#lN%PZ#NVf=ej`dy9@|zKLZGM+7EOD;6C^d;Fx9qR9EHJ{AG?d(g&4+yHWFF#)<{}rB_jf57;O?Rq7ZkU$7*|X z{U&bmR-s+~(L-kucg-rzMLcwNyH=Z9)FQRON-_G|&Xlczh(xasQb^Pc1X=`;N;&^9pA-&g%i)BE8rQ77Mk@S8D@s8KD z-lwr5WfGubc$a@7?ds>By}DZzK>YM8AUm_>m#Ize!X{#~VFSZ-S+1R~Le=hL% z!po8`LbWf)9l#d#THtlU$IkUTU{CGm`V%|r+I{2E8sh^nOQx$k_F@jkLKqT5X3tN)4X;9oL`ElURYyuIXS40U+dN+;v|1m~~nN+?qS z&~`Nvrfsw;+v^!a*8TKp^a?uAZ#Ui6LRy{d9TIAl4*OixPMTszawna4G_yD|gW`&l z945_2u;UeRPv&#BZ2NvD&jee46xDW45o>-NR{?#y5kI%~kAVYqKb+*fv+`ZJp7?j- zUG$$Y67H7GNK`w9>uLSq|+s_>gXku*L*c?C(DT|i( z`c)MlJ=WHs7y`ag3cY}%@ zucBM1HUl(I<*P1bIE3ea@*n%@f_utY{cGvIcHoyBU8w5}&TGxu%$$?o_I=tCH{m1Y z5Okfqx!#TWvzZi9^?|Ys&OVrP7PDi1177{ey+a;NFjiK0H8qSjk(A`H~+gS6aT-O&(zA?)YjGA-j%`I z*xv5Hh6VH=)X4t_{wEU~^S|;x**KUu{>}gSKe5pMlmBC$#H#`(1SR&!KW1P=kA-E# z!OHpy<_AHFYD=nkTbVts_Ub!(?a|ZQ&v*3g(${|*nJM^nas3!@ZIy@5hf0x^c9REp z-VG6?Oq7x0lfSKadO$e9O~}P2?{92;ECk_#-K9}Jwf>uB>V?z&@NJ?Er>JK$it-8_ zqMTGC9EUz;RO@C5Cq-ieq1$ZQj*N=L4)tN231